Further ways to lockdown apps like Kodi and VLC

You have have read that CheckPoint, a cyber security research company, has identified vulnerabilities that may allow an attacker to compromise your computer using malicious subtitle files downloaded by popular media players including Kodi and VLC. It's not clear if this affects macOS too, but in light of this threat, here is a summary of how I further "lockdown" any apps I'm unsure of...

If you're paranoid - like I am - these posts may be of interest to anyone trying to further "lockdown" these apps (and I use the term "lockdown" really, really loosely, because I'm in no way implying these methods are 100%, or not implying that VLC or Kodi are insecure or untrustworthy):

You could create a macOS App Sandbox - I detail out how I sandboxed Kodi and the ideas therein apply to any other App. This is a bit like Jails in BSD or Sandboxie in Windows, and can block Apps from accessing system resources, directories, shared memory, etc. However, setting this up requires deep technical knowledge of macOS and POSIX.

Or you could create a Virtual Machine (or VM) to run your App in, with virtualization software like the open-source VirtualBox, which supports Windows or Linux Guests. I personally use the free Or try Parallels Desktop Lite - and I wrote about how easy to install a macOS guest on a macOS host. By default, the guest cannot access the file system of your host, unless you explicity "share" a folder. However, there is a performance hit, and on my macOS VM on MacBook Air (2015), there is some stuttering when playing a Youtube video or MP4 file in QuickTime.

Neither a foolproof, both require work, and if you don't know what you are doing, then there is no security to be had no matter what. I guess for me, these are sufficient to allay my main concern of keeping my files secure (i.e. untouched by the likes of ransomware, and not "stolen" off my machine outright).